f5-appsvcs-extension
f5-appsvcs-extension copied to clipboard
F5Networks
AS3 does not assign APM connectivity profile
Environment
- Application Services Version: 3.28.0
- BIG-IP Version: 16.1.0
Summary
When using AS3 to configure a VS with a connectivity profile (APM), the declaration is accepted and returns a successful response, but the configured VS does not have the connectivity profile applied. Performing the same procedure with TMSH
Steps To Reproduce
-
Create a connectivity profile to use.
tmsh create apm profile connectivity custom_connecttmsh save sys config -
Submit the following declaration:
{
"class": "ADC",
"schemaVersion": "3.28.0",
"Example_APM_profiles": {
"class": "Tenant",
"Application": {
"class": "Application",
"APMprofile_vs": {
"class": "Service_UDP",
"virtualPort": 443,
"virtualAddresses": [
"1.1.1.10"
],
"profileConnectivity": {
"bigip": "/Common/custom_connect"
}
}
}
}
}
- Observe that the created configuration object does not have the connectivity profile assigned:
tmsh list ltm virtual /Example_APM_profiles/Application/APMprofile_vs
ltm virtual /Example_APM_profiles/Application/APMprofile_vs {
creation-time 2022-01-27:15:14:03
description Application
destination /Example_APM_profiles/1.1.1.10:https
ip-protocol udp
last-modified-time 2022-01-27:15:14:03
mask 255.255.255.255
partition Example_APM_profiles
persist {
source_addr {
default yes
}
}
profiles {
udp { }
}
serverssl-use-sni disabled
source 0.0.0.0/0
source-address-translation {
type automap
}
translate-address enabled
translate-port enabled
vs-index 20
}
Expected Behavior
The Virtual Server should be configured with the correct profile applied. TMSH can already correctly configure the VS with the same data.
create ltm virtual /Example_APM_profiles/Application/APMprofile_vs_tmsh destination 1.1.1.11:9999 ip-protocol udp mask 255.255.255.255 profiles add { custom_connect {context clientside } udp {} }
ltm virtual APMprofile_vs_tmsh {
creation-time 2022-01-27:15:19:45
destination /Example_APM_profiles/1.1.1.11:distinct
ip-protocol udp
last-modified-time 2022-01-27:15:19:45
mask 255.255.255.255
partition Example_APM_profiles
profiles {
/Common/custom_connect {
context clientside
}
/Common/ppp { }
/Common/udp { }
}
serverssl-use-sni disabled
source 0.0.0.0/0
translate-address enabled
translate-port enabled
vs-index 23
}
Thank you for your feedback. I have confirmed this issue with the latest release, and I have added this to our internal product backlog as AUTOTOOL-2985.
It looks like connectivity profiles are not supported on UDP services. Are you able to use Service_HTTP or Service_HTTPS for your use case instead?
It looks like connectivity profiles are not supported on UDP services. Are you able to use Service_HTTP or Service_HTTPS for your use case instead?
Both Service_HTTP and Service_HTTPS respond with a 422 saying that the "profileAccess" property is required.
"profileAccess": {
"bigip": "/Common/accessProfile"
}
Adding such a property lets the POST succeed, as well as create a properly configured Virtual Server.
ltm virtual APMprofile_vs {
creation-time 2022-01-27:17:26:37
description Application
destination /Example_APM_profiles/1.1.1.10:https
ip-protocol tcp
last-modified-time 2022-01-27:17:26:37
mask 255.255.255.255
partition Example_APM_profiles
persist {
/Common/cookie {
default yes
}
}
profiles {
/Common/accessProfile { }
/Common/custom_connect {
context clientside
}
/Common/f5-tcp-progressive { }
/Common/http { }
/Common/ppp { }
/Common/rba { }
/Common/websso { }
}
serverssl-use-sni disabled
source 0.0.0.0/0
source-address-translation {
type automap
}
translate-address enabled
translate-port enabled
vs-index 26
}
It's not unreasonable that the original POST declaration wouldn't work if UDP services don't support connectivity profiles, but that does not explain why the TMSH command works instead.
tmsh create ltm virtual /Example_APM_profiles/Application/APMprofile_vs_tmsh destination 1.1.1.11:9999 ip-protocol udp mask 255.255.255.255 profiles add { custom_connect {context clientside } udp {} }